|
248361
|
9.8 |
CRITICAL
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.
|
CWE-326
Inadequate Encryption Strength
|
CVE-2017-7888
|
2024-11-21 12:32 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248362
|
6.1 |
MEDIUM
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2017-7887
|
2024-11-21 12:32 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248363
|
9.8 |
CRITICAL
Network
|
dolibarr
|
dolibarr_erp\/crm
|
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
|
CWE-89
SQL Injection
|
CVE-2017-7886
|
2024-11-21 12:32 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248364
|
7.8 |
HIGH
Local
|
swftools
|
swftools
|
A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier allows remote attackers to execute arbitrary code via a malformed PDF document, possibly a consequence of an error in Gfx.cc in Xpdf…
|
CWE-416
Use After Free
|
CVE-2017-7698
|
2024-11-21 12:32 |
2017-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248365
|
7.1 |
HIGH
Network
|
advantech
|
webaccess
|
An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse th…
|
CWE-22
Path Traversal
|
CVE-2017-7929
|
2024-11-21 12:32 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248366
|
7.3 |
HIGH
Network
|
dahuasecurity
|
dh-ipc-hdbw23a0rn-zs_firmware
dh-ipc-hdbw13a0sn_firmware
dh-ipc-hdw1xxx_firmware
dh-ipc-hdw2xxx_firmware
dh-ipc-hdw4xxx_firmware
dh-ipc-hfw1xxx_firmware
dh-ipc-hfw2xxx_firmware
d…
|
A Use of Password Hash Instead of Password for Authentication issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-7927
|
2024-11-21 12:32 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248367
|
9.8 |
CRITICAL
Network
|
dahuasecurity
|
dh-ipc-hdbw23a0rn-zs_firmware
dh-ipc-hdbw13a0sn_firmware
dh-ipc-hdw1xxx_firmware
dh-ipc-hdw2xxx_firmware
dh-ipc-hdw4xxx_firmware
dh-ipc-hfw1xxx_firmware
dh-ipc-hfw2xxx_firmware
d…
|
A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX,…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2017-7925
|
2024-11-21 12:32 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248368
|
8.8 |
HIGH
Network
|
hikvision
|
ds-2cd2032-i_firmware
ds-2cd2112-i_firmware
ds-2cd2132-i_firmware
ds-2cd2212-i5_firmware
ds-2cd2232-i5_firmware
ds-2cd2312-i_firmware
ds-2cd2332-i_firmware
ds-2cd2412f-i\(w\)_fir…
|
A Password in Configuration File issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS…
|
CWE-200
Information Exposure
|
CVE-2017-7923
|
2024-11-21 12:32 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248369
|
8.8 |
HIGH
Network
|
cybervision
|
kaa_iot_platform
|
A Code Injection issue was discovered in CyberVision Kaa IoT Platform, Version 0.7.4. An insufficient-encapsulation vulnerability has been identified, which may allow remote code execution.
|
CWE-94
Code Injection
|
CVE-2017-7911
|
2024-11-21 12:32 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
248370
|
9.8 |
CRITICAL
Network
|
advantech_b\+b_smartworx
|
mesr901_firmware
|
A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and red…
|
CWE-287
Improper Authentication
|
CVE-2017-7909
|
2024-11-21 12:32 |
2017-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
